Claude Mythos Preview Completes Full Cyberattack Simulation for the First Time

The rapid evolution of generative AI is reshaping cybersecurity, moving from defensive assistance to potential offensive capability. Anthropic’s Claude Mythos Preview, billed as the most capable model to date, demonstrates how large‑language models can parse code, identify vulnerabilities, and orchestrate attack chains without human guidance. This shift mirrors earlier breakthroughs in AI‑driven red teaming, but Mythos pushes the envelope by autonomously navigating a 32‑step corporate network simulation—a task that traditionally demands weeks of manual effort.

The UK AI Security Institute’s controlled evaluation provides the first hard data on Mythos’s offensive power. Across ten trials, the model completed an average of 22 steps in a full network takeover scenario and succeeded entirely in three runs, eclipsing Claude Opus 4.6’s average of 16 steps. Its 73 % success rate on expert‑level capture‑the‑flag challenges further underscores a leap in autonomous exploit generation. While the tests focused on lightly defended environments, the results signal that threat actors with access to such models could dramatically accelerate breach timelines and reduce the expertise needed for sophisticated attacks.

Industry response is already cautious. Anthropic limits Mythos Preview to about 40 high‑profile partners through Project Glasswing, citing concerns over misuse. Policymakers and security vendors must grapple with how to regulate, monitor, and defend against AI‑powered threats that can outpace traditional detection tools. Developing robust model‑usage agreements, embedding real‑time monitoring, and investing in AI‑enhanced defensive analytics will be essential to mitigate the emerging risk landscape while still leveraging AI’s defensive benefits.